Recent Posts
I saw an analysis on another site and a talk to the auditors that caught him- they said he could have gotten away with it with one minor change to his scheme. Set up a server at home, and have them vpn into the server, then connect from there.-wraith808 (January 17, 2013, 09:12 PM)
@Renegade: Yes, the duck analogy occurred to me too, as I was writing the above.-IainB (January 17, 2013, 08:13 PM)
But yeah, it's whOracle - #2 on my list of really evil software companies, where crApple still reigns supreme.-f0dder (January 16, 2013, 02:09 AM)
Very subtle. Almost CRied laughing! why would that be any different from the technetwork page?-Tinman57 (January 17, 2013, 07:20 PM)
Because the more dev-oriented types probably wouldn't want the dratted thing, and it's generally poor practice to tick off your developers?
Of course, Joe User apparently doesn't mind toolbars... (have we had a poll asking the most toolbars you've had to clean off someone's pc?)-x16wda (January 17, 2013, 07:32 PM)
But seriously, gotta give the guy props! He's obviously very good at managing developers~!Yeah, but he got his ass fired for it too. lol
-Renegade (January 17, 2013, 05:46 AM)-Tinman57 (January 17, 2013, 07:34 PM)
Let those who advocate for the "new service and information economy" ponder deeply the implications in this.
-40hz (January 17, 2013, 09:25 AM)
If that was done by the media network under duress and at the behest of the RIAA members - e.g., under threats to pull RIAA members' and record label business from the network - then it could be a restrictive trade practice or a monopoly practice.-IainB (January 17, 2013, 08:37 AM)
I'm not sure about NZ - which to some, by now, might look a bit like the lawless old Wild West (e.g., after the Dotcom raid, etc.) - but I would have thought that such practices would be illegal in many/most of the developed countries.-IainB (January 17, 2013, 08:37 AM)
(That was sarcasm.) US programmer outsources his own job to China
IT ONLY GETS BETTER!!!Verizon says it uncovered the scam when it was hired by the man's unnamed employer, which suspected a security breach. It had discovered that a VPN connection had been opened between its systems and China almost every day for months - sometimes staying open for the whole of the working day.
"They're a US critical infrastructure company, and it was an unauthorized VPN connection from CHINA. The implications were severe and could not be overstated," says Verizon's Andrew Valentine.
"The company implemented two-factor authentication for these VPN connection. The second factor being a rotating token RSA key fob. If this security mechanism had been negotiated by an attacker, again, the implications were alarming."
To make matters worse, he says, the developer whose credentials were being used was sitting at his desk in the office at the time.
Verizon staff leapt into action, recovering as many files as possible from the affected workstation - and discovered hundreds of .pdf invoices from a third party contractor/developer in Shenyang, China.
"As it turns out, Bob had simply outsourced his own job to a Chinese consulting firm. Bob spent less that one fifth of his six-figure salary for a Chinese firm to do his job for him," says Valentine.
"Authentication was no problem, he physically FedExed his RSA token to China so that the third-party contractor could log-in under his credentials during the workday."
So what was this man of leisure actually doing with his day? Verizon staff checked his web browsing history to find out. Apparently, he was engaged in a gruellling round of surfing Reddit and Ebay, watching cat videos and checking Facebook, before submitting end of day update e-mail to management.
Worse, it seems that this wasn't his only job: the man had the same scam going across several different companies in the area, and was making a profit of several hundred thousand dollars a year.
"The best part?" says Valentine. "Investigators had the opportunity to read through his performance reviews while working alongside HR. For the last several years in a row he received excellent remarks. His code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building."
- I tried entering this license key but got an error message that it had been used too many times!-dgreenlees (January 14, 2013, 02:04 PM)
- I also tried changing the quick save preferences: the resize file name saves ok, but the cropped file name does not save changes and always reverts to default.-dgreenlees (January 14, 2013, 02:04 PM)
Great stuff!-kyrathaba (January 15, 2013, 08:41 PM)
Kaspersky Lab Identifies Operation “Red October,” an Advanced Cyber-Espionage Campaign Targeting Diplomatic and Government Institutions Worldwide
Attackers Created Unique, Highly-Flexible Malware to Steal Data and Geopolitical Intelligence from Target Victims’ Computer Systems, Mobile Phones and Enterprise Network Equipment
Today Kaspersky Lab published a new research report which identified an elusive cyber-espionage campaign targeting diplomatic, governmental and scientific research organizations in several countries for at least five years. The primary focus of this campaign targets countries in Eastern Europe, former USSR Republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America. The main objective of the attackers was to gather sensitive documents from the compromised organizations, which included geopolitical intelligence, credentials to access classified computer systems, and data from personal mobile devices and network equipment.
PirateBox is a self-contained mobile communication and file sharing device. Simply turn it on to transform any space into a free and open communications and file sharing network.
Share (and chat!) Freely Inspired by pirate radio and the free culture movements, PirateBox utilizes Free, Libre and Open Source software (FLOSS) to create mobile wireless communications and file sharing networks where users can anonymously chat and share images, video, audio, documents, and other digital content.
Private and Secure PirateBox is designed to be private and secure. No logins are required and no user data is logged. Users remain completely anonymous – the system is purposely not connected to the Internet in order to subvert tracking and preserve user privacy.
...
these people think that they are "The Shit".-Tinman57 (January 14, 2013, 06:07 PM)
Well, it all truth they are ... just, perhaps, not the way they'd have us thimk-barney (January 14, 2013, 11:00 PM)
Oh, what was that language that so many Android programs are written in?Well, the language is Java, but the base libraries are different and Dalvik is different from the Java VM... so I'd be more than a little surprised if a Java exploit would work on Android-Renegade (January 14, 2013, 07:26 AM)-f0dder (January 14, 2013, 07:28 AM)
